Discussion: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"


unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
Bernd Lentes
Date:
Hi,

I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.
Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
I can't start the db server because it doesn't know the respective configuration parameters:

Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapserver" in file "/var/lib/pgsql/data/postgresql.conf" line 108
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapport" in file "/var/lib/pgsql/data/postgresql.conf" line 110
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldaptls" in file "/var/lib/pgsql/data/postgresql.conf" line 112
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbasedn" in file "/var/lib/pgsql/data/postgresql.conf" line 114
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbindpasswd" in file "/var/lib/pgsql/data/postgresql.conf" line 116
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] FATAL:  configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors
Nov 02 20:42:15 geneious postgresql-script[15575]: pg_ctl: could not start server
Nov 02 20:42:15 geneious postgresql-script[15575]: Examine the log output.
Nov 02 20:42:15 geneious systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE

Here is my setup from postgresql.conf:

ldapbinddn = 'xxxxxxxxxxx'
ldapserver = ldaps.scidom.de
ldapport = 636
ldaptls = 1
ldapbasedn = 'xxxxxxxxx'
ldapbindpasswd = 'xxxxxxxxxxxxxxxxx'

I took the parameters from the doc from the official webpage.
Do I need to switch on LDAP in a certain way ?

Thanks for any idea.

Bernd


Bernd Lentes

--
Bernd Lentes
System Administrator
MCD
Helmholtzzentrum München
+49 89 3187 1241
bernd.lentes@helmholtz-munich.de
https://www.helmholtz-munich.de/en/mcd

Helmholtz Zentrum München – Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstraße 1, D-85764 Neuherberg, https://www.helmholtz-munich.de
Geschäftsführung: Prof. Dr. med. Dr. h.c. Matthias Tschöp | Aufsichtsratsvorsitzende: MinDir’in Prof. Dr. Veronika von
Messling
Registergericht: Amtsgericht München HRB 6466 | USt-IdNr. DE 129521671

Re: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
Bruce Momjian
Date:
On Thu, Nov  2, 2023 at 07:56:40PM +0000, Bernd Lentes wrote:
> Hi,
> 
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.
> Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
> I can't start the db server because it doesn't know the respective configuration parameters:
> 
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapserver" in file "/var/lib/pgsql/data/postgresql.conf" line 108
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapport" in file "/var/lib/pgsql/data/postgresql.conf" line 110
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldaptls" in file "/var/lib/pgsql/data/postgresql.conf" line 112
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbasedn" in file "/var/lib/pgsql/data/postgresql.conf" line 114
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG:  unrecognized configuration parameter "ldapbindpasswd" in file "/var/lib/pgsql/data/postgresql.conf" line 116
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] FATAL:  configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors
> Nov 02 20:42:15 geneious postgresql-script[15575]: pg_ctl: could not start server
> Nov 02 20:42:15 geneious postgresql-script[15575]: Examine the log output.
> Nov 02 20:42:15 geneious systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE
> 
> Here is my setup from postgresql.conf:
> 
> ldapbinddn = 'xxxxxxxxxxx'
> ldapserver = ldaps.scidom.de
> ldapport = 636
> ldaptls = 1
> ldapbasedn = 'xxxxxxxxx'
> ldapbindpasswd = 'xxxxxxxxxxxxxxxxx'
> 
> I took the parameters from the doc from the official webpage.
> Do I need to switch on LDAP in a certain way ?

Okay, I am going to take a wild guess here, but the line numbers of the
errors skip by 2 (e.g., 106, 108), while the example you showed has
them in adjacent lines.  Could there be invalid characters in the file
contents?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.



RE: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
"Capobianco, Tony"
Date:
Shouldn't the ldap string be in the pg_hba.conf file?

https://www.enterprisedb.com/postgres-tutorials/how-connect-postgres-ldap-starttls

Tony


Re: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
Laurenz Albe
Date:
On Thu, 2023-11-02 at 19:56 +0000, Bernd Lentes wrote:
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.

Possible ...

> Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
> I can't start the db server because it doesn't know the respective configuration parameters:
>
> LOG:  unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
> [...]
> FATAL:  configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors

... but in those older versions you couldn't have had the parameter in "postgresql.conf".

They belong in "pg_hba.conf"; see the documentation:
https://www.postgresql.org/docs/current/auth-ldap.html

Yours,
Laurenz Albe
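
An added example, not part of the thread: a small check that finds `ldap*` settings left in `postgresql.conf` and renders them as auth options on one `pg_hba.conf` record, which is where the reply above says they belong. The sample file contents, the bind DN, the host name, and the `hostssl all all 192.0.2.0/24` prefix are constructed placeholders, and the switch to `ldapscheme=ldaps` assumes that port 636 is an LDAPS listener.

```python
import re

# Option names PostgreSQL accepts for the "ldap" method in pg_hba.conf.
LDAP_OPTS = {"ldapserver", "ldapport", "ldapscheme", "ldaptls", "ldapprefix",
             "ldapsuffix", "ldapbasedn", "ldapbinddn", "ldapbindpasswd",
             "ldapsearchattribute", "ldapsearchfilter", "ldapurl"}
# name [=] value, where value is a 'quoted string' or a bare token.
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*('(?:[^']|'')*'|[^#\s]+)")

def find_misplaced(conf_text):
    """Return [(line_no, name, value)] for LDAP options in postgresql.conf text."""
    found = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = SETTING.match(line)
        if m and m.group(1).lower() in LDAP_OPTS:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            found.append((no, m.group(1).lower(), value))
    return found

def hba_line(found, conn="hostssl", db="all", user="all", addr="192.0.2.0/24"):
    """Render one pg_hba.conf record; conn/db/user/addr defaults are placeholders."""
    opts = {name: value for _, name, value in found}
    # Assumption: port 636 is an LDAPS listener. ldaptls=1 requests StartTLS,
    # a different mechanism, so ldapscheme=ldaps is emitted instead.
    if opts.get("ldapport") == "636" and opts.get("ldaptls") == "1":
        del opts["ldaptls"]
        opts["ldapscheme"] = "ldaps"
    fields = [conn, db, user, addr, "ldap"]
    for name, value in opts.items():
        if '"' in value:
            raise ValueError(f"{name}: embedded double quote not handled here")
        # Whitespace and commas split pg_hba.conf tokens, so such values are quoted.
        quoted = re.search(r"[\s,]", value) is not None
        fields.append(f'{name}="{value}"' if quoted else f"{name}={value}")
    return " ".join(fields)

# Constructed sample in the shape of the postgresql.conf excerpt in the question.
SAMPLE = """\
max_connections = 100
ldapbinddn = 'cn=pgbind,dc=example,dc=org'

ldapserver = ldap.example.org

ldapport = 636
ldaptls = 1   # StartTLS requested
"""

if __name__ == "__main__":
    hits = find_misplaced(SAMPLE)
    for no, name, _ in hits:
        print(f"postgresql.conf line {no}: {name} belongs in pg_hba.conf")
    print(hba_line(hits))
```

If `ldapbindpasswd` is moved this way it sits in `pg_hba.conf` in cleartext, so that file's ownership and permissions matter as much as those of `postgresql.conf`.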



RE: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
Bernd Lentes
Date:
>-----Original Message-----
>From: Laurenz Albe <laurenz.albe@cybertec.at>
>Sent: Thursday, November 2, 2023 9:37 PM
>To: Bernd Lentes <bernd.lentes@helmholtz-muenchen.de>; Pgsql-admin <pgsql-admin@lists.postgresql.org>
>Subject: Re: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"
>
>
>They belong in "pg_hba.conf"; see the documentation:
>https://www.postgresql.org/docs/current/auth-ldap.html

Yes.
Thanks.

Bernd

Re: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"

From
Stephen Frost
Date:
Greetings,

* Bernd Lentes (bernd.lentes@helmholtz-muenchen.de) wrote:
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.

You really shouldn't use the 'ldap' auth method in PostgreSQL as it
involves passing around a cleartext password to work.

With Windows AD, you can use Kerberos which is what all of the Microsoft
applications use for authentication too, avoids users having to ever
enter in their password, avoids having users end up saving their domain
password into client tools like pgAdmin, and is just overall far, far,
better and much more secure.

Note that in PostgreSQL, the Kerberos auth method is 'gssapi'.

Thanks,

Stephen
